Hello, syzbot found the following issue on: HEAD commit: 9187210eee7d Merge tag 'net-next-6.9' of git://git.kernel... git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=122856fa180000 kernel config: https://syzkaller.appspot.com/x/.config?x=222448ff79dba2ea dashboard link: https://syzkaller.appspot.com/bug?extid=91dbdfecdd3287734d8e compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/98c1ea7ddb95/disk-9187210e.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/343c5524f68f/vmlinux-9187210e.xz kernel image: https://storage.googleapis.com/syzbot-assets/6c0c68b0ee90/bzImage-9187210e.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+91dbdfecdd3287734d8e@xxxxxxxxxxxxxxxxxxxxxxxxx Bluetooth: hci0: Opcode 0x0c03 failed: -110 ============================================ WARNING: possible recursive locking detected 6.8.0-syzkaller-05202-g9187210eee7d #0 Not tainted -------------------------------------------- kworker/u9:5/13642 is trying to acquire lock: ffff88803165d148 ((wq_completion)hci0){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x6e/0x120 kernel/workqueue.c:3901 but task is already holding lock: ffff88803165d148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x1296/0x1a60 kernel/workqueue.c:3229 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock((wq_completion)hci0); lock((wq_completion)hci0); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by kworker/u9:5/13642: #0: ffff88803165d148 ((wq_completion)hci0){+.+.}-{0:0}, at: process_one_work+0x1296/0x1a60 kernel/workqueue.c:3229 #1: ffffc90004d47d80 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x906/0x1a60 kernel/workqueue.c:3230 stack backtrace: CPU: 0 PID: 13642 Comm: kworker/u9:5 Not tainted 6.8.0-syzkaller-05202-g9187210eee7d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: hci0 hci_error_reset Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 check_deadlock kernel/locking/lockdep.c:3062 [inline] validate_chain kernel/locking/lockdep.c:3856 [inline] __lock_acquire+0x20e6/0x3b30 kernel/locking/lockdep.c:5137 lock_acquire kernel/locking/lockdep.c:5754 [inline] lock_acquire+0x1b1/0x540 kernel/locking/lockdep.c:5719 touch_wq_lockdep_map+0x78/0x120 kernel/workqueue.c:3901 __flush_workqueue+0x129/0x1200 kernel/workqueue.c:3943 drain_workqueue+0x18f/0x3d0 kernel/workqueue.c:4107 destroy_workqueue+0xc2/0xaa0 kernel/workqueue.c:5673 hci_release_dev+0x14e/0x660 net/bluetooth/hci_core.c:2808 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:94 device_release+0xa1/0x240 drivers/base/core.c:2499 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x1fa/0x5b0 lib/kobject.c:737 put_device+0x1f/0x30 drivers/base/core.c:3747 process_one_work+0x9a9/0x1a60 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3416 kthread+0x2c1/0x3a0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup